FKIE_CVE-2025-44635

Vulnerability from fkie_nvd - Published: 2025-06-20 17:15 - Updated: 2026-04-15 00:35
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before ERHMG2-MNW100-R1126; GR3200, GR5200, GR8300 and other series routers before MiniGR1B0V100R018L50; GR-1800AX before MiniGRW1B0V100R009L50; GR-3000AX before SWBRW1A0V100R007L50; and GR-5400AX before SWBRW1B0V100R009L50. Attackers can bypass authentication by including specially crafted text in the request URL or message header, and then inject arbitrary malicious commands into some fields related to ACL access control list and user group functions and execute to obtain the highest ROOT privileges of remote devices, thereby completely taking over the remote target devices.
References
cve@mitre.orghttps://www.h3c.com/cn/Service/Online_Help/psirt/security-notice/detail_2021.htm?Id=459
cve@mitre.orghttps://zhiliao.h3c.com/Theme/details/230461
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before ERHMG2-MNW100-R1126; GR3200, GR5200, GR8300 and other series routers before MiniGR1B0V100R018L50; GR-1800AX before MiniGRW1B0V100R009L50; GR-3000AX before SWBRW1A0V100R007L50; and GR-5400AX before SWBRW1B0V100R009L50. Attackers can bypass authentication by including specially crafted text in the request URL or message header, and then inject arbitrary malicious commands into some fields related to ACL access control list and user group functions and execute to obtain the highest ROOT privileges of remote devices, thereby completely taking over the remote target devices."
    },
    {
      "lang": "es",
      "value": "Hay varias vulnerabilidades de ejecuci\u00f3n remota de comandos no autorizados en los enrutadores de las series H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W y NR1200W anteriores a ERG2AW-MNW100-R1117, los enrutadores de las series H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2 y ER8300G2-X anteriores a ERHMG2-MNW100-R1126, los enrutadores GR3200, GR5200, GR8300 y otros modelos anteriores a MiniGR1B0V100R018L50. GR-1800AX anterior a MiniGRW1B0V100R009L50; GR-3000AX anterior a SWBRW1A0V100R007L50; y GR-5400AX anterior a SWBRW1B0V100R009L50. Los atacantes pueden eludir la autenticaci\u00f3n incluyendo texto especialmente manipulado en la URL de solicitud o en el encabezado del mensaje, y luego inyectar comandos maliciosos arbitrarios en algunos campos relacionados con la lista de control de acceso ACL y las funciones de grupo de usuarios, y ejecutarlos para obtener los privilegios ROOT m\u00e1s altos de los dispositivos remotos, controlando as\u00ed completamente los dispositivos objetivo remotos."
    }
  ],
  "id": "CVE-2025-44635",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-20T17:15:40.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://www.h3c.com/cn/Service/Online_Help/psirt/security-notice/detail_2021.htm?Id=459"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://zhiliao.h3c.com/Theme/details/230461"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.